package com.baizhi.config.security;

import com.baizhi.service.CmfzAdminService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

//开启注解式
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {


    @Autowired
    private CmfzAdminService cmfzAdminService;

    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder(){
        return new BCryptPasswordEncoder();
    }

    /**
     * HttpSecurity
     * 配置各种规则
     *
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/css/**","/js/**",
                        "/img/**", "/layui/**",
                        "/login.jsp","/cmfzAdmin/getCaptcha")
                .permitAll()
                //.antMatchers("/cmfzMenu/selectMenu")
                //.hasAnyRole("ADMIN")
                //.hasAnyAuthority("ROLE_ADMIN","menu:select","banner:add")
                .anyRequest()
                .authenticated()
                .and()
                .formLogin().loginPage("/login.jsp")
                .loginProcessingUrl("/login")
                .successForwardUrl("/cmfzAdmin/successForward")
                .failureForwardUrl("/cmfzAdmin/failureForward")
                .permitAll();

        http.csrf().disable();
        //配置允许ifream
        http.headers().frameOptions().disable();

    }

    /**
     * 认证
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

        //在内存中 假数据
        /*auth.inMemoryAuthentication()
                .withUser("root").password("{noop}123456")
                .roles("ADMIN")
                .and()
                .withUser("admin").password("{noop}123456")
                .roles("ADMIN");*/


        /*auth.inMemoryAuthentication().withUser("root")
                .password("$2a$10$4S6tu23KKbgrXZmBf9ZzNereu552JELrw4jYavkrvPIwc0e8mLQiC")
                //.roles("ADMIN");
               .authorities("ROLE_ADMIN","menu:select","banner:add");*/
        //连接数据库 并设置加密的规则
        auth.userDetailsService(cmfzAdminService).passwordEncoder(bCryptPasswordEncoder());
    }
}
